﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data;
using System.Configuration;
using System.Data.SqlClient;
namespace ScoreManage
{
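    /// <summary>
    /// Code-behind for the change-password page. The signed-in account is identified by
    /// Session["ID"], and Session["Type"] selects which account table (student, teacher
    /// or user) holds its password.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the queries compare and write the password column with the value the
    /// user typed, so passwords appear to be stored in plain text. Moving to a salted,
    /// slow hash (for example PBKDF2) needs a schema and login-page change that is outside
    /// this class.
    /// </remarks>
    public partial class ChangePass : System.Web.UI.Page
    {
        // Session["Type"] values that select the student and teacher tables; any other
        // value falls through to the user table.
        private const string StudentType = "学生";
        private const string TeacherType = "教师";

        // Account identifier copied from Session["ID"] on every request. It is not named
        // "ID" so that it does not hide the inherited Control.ID property.
        private string _accountId;

        /// <summary>
        /// Sends visitors without a complete session to the login page and caches the
        /// account identifier for the event handlers that run later in the request.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Both values are dereferenced by the handlers below, so a session that lacks
            // either one is treated as "not signed in".
            if (Session["ID"] == null || Session["Type"] == null)
            {
                Response.Redirect("Login.aspx");
                return;
            }

            _accountId = Session["ID"].ToString();
        }

        /// <summary>
        /// Stores the new password for the signed-in account once every validator on the
        /// page has passed, then returns the user to the landing page for their role.
        /// </summary>
        protected void btnOK_Click(object sender, EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            string accountType = Session["Type"].ToString();
            string newPassword = txtNewPassword.Text.Trim();

            string table;
            string keyColumn;
            ResolveAccountTable(accountType, out table, out keyColumn);

            // Only the table and column names are formatted into the text, and those come
            // from the fixed list in ResolveAccountTable. The password and the id travel
            // as parameters, so no quote escaping is needed or wanted here.
            string sql = string.Format(
                "UPDATE {0} SET password = @password WHERE {1} = @id", table, keyColumn);

            string connectionString =
                ConfigurationManager.ConnectionStrings["studbConnectionString"].ConnectionString;

            // using blocks release the connection even when the command throws.
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand command = new SqlCommand(sql, conn))
            {
                command.Parameters.AddWithValue("@password", newPassword);
                command.Parameters.AddWithValue("@id", _accountId);
                conn.Open();
                command.ExecuteNonQuery();
            }

            lblMsg.Text = "密码修改成功！";
            Response.Redirect(GetLandingPage(accountType));
        }

        /// <summary>
        /// Leaves the page without changing anything and returns the user to the landing
        /// page for their role.
        /// </summary>
        protected void btnReturn_Click(object sender, EventArgs e)
        {
            Response.Redirect(GetLandingPage(Session["Type"].ToString()));
        }

        /// <summary>
        /// Server-side validator for the current-password box: valid only when a row with
        /// the signed-in account's id and the typed password exists.
        /// </summary>
        /// <param name="source">The validator control raising the event.</param>
        /// <param name="args">Receives the result in <c>IsValid</c>.</param>
        protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
        {
            string currentPassword = txtPassword.Text.Trim();

            string table;
            string keyColumn;
            ResolveAccountTable(Session["Type"].ToString(), out table, out keyColumn);

            // Existence is all that matters, so no column data is read back.
            string sql = string.Format(
                "SELECT 1 FROM {0} WHERE {1} = @id AND password = @password", table, keyColumn);

            string connectionString =
                ConfigurationManager.ConnectionStrings["studbConnectionString"].ConnectionString;

            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand command = new SqlCommand(sql, conn))
            {
                command.Parameters.AddWithValue("@id", _accountId);
                command.Parameters.AddWithValue("@password", currentPassword);
                conn.Open();

                // ExecuteScalar returns null when the query yields no row.
                args.IsValid = command.ExecuteScalar() != null;
            }
        }

        /// <summary>
        /// Maps the session account type to its table and key column.
        /// </summary>
        /// <param name="accountType">Value of Session["Type"].</param>
        /// <param name="table">Table name, already safe to place in SQL text.</param>
        /// <param name="keyColumn">Column holding the account identifier.</param>
        private static void ResolveAccountTable(string accountType, out string table, out string keyColumn)
        {
            if (accountType == StudentType)
            {
                table = "student";
                keyColumn = "sno";
            }
            else if (accountType == TeacherType)
            {
                table = "teacher";
                keyColumn = "tno";
            }
            else
            {
                // USER is a reserved word in T-SQL, so the table name must be bracketed.
                table = "[user]";
                keyColumn = "userid";
            }
        }

        /// <summary>
        /// Returns the page each account type goes back to after this one.
        /// </summary>
        /// <param name="accountType">Value of Session["Type"].</param>
        private static string GetLandingPage(string accountType)
        {
            if (accountType == StudentType)
            {
                return "StudentGradeQuery.aspx?item=4";
            }

            if (accountType == TeacherType)
            {
                return "TeacherGradeManage.aspx?item=1";
            }

            return "CourseManage.aspx?item=1";
        }
    }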
}